Certbot: Difference between revisions

From David's Wiki
 
Line 52: Line 52:
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me
</pre>
</pre>
==Internal Services==
Certbot allows you to use a DNS challenge to update your IP. So set an A record to your local IP and do the DNS challenge instead of the HTTP challenge.

Latest revision as of 23:46, 1 February 2021

Certbot is the program by Let's Encrypt to manage your SSL certificates.

Install

See https://certbot.eff.org/instructions

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt install certbot python3-certbot-apache python3-certbot-dns-cloudflare

Usage

See Managing Certificates

# List certificates
sudo certbot certificates

# Install a certificate
sudo certbot --apache -d wiki.davidl.me

# Generate a certificate without install
sudo certbot certonly --apache -d wiki.davidl.me

# Renew all certificates
sudo certbot renew

# Revoke a certificate
sudo certbot revoke --cert-name example.com

# Delete a certificate
sudo certbot delete --cert-name example.com

Wildcard Certificates

LetsEncrypt requires dns challenges for wildcard certificates. This means you'll need to input your dns information and us a compatible dns for auto-renewals.

Fill out dns creditials in ~/.secrets/certbot/cloudflare.ini

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <email>
dns_cloudflare_api_key = <apikey>
# Generate a wildcard certificate
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me

Internal Services

Certbot allows you to use a DNS challenge to update your IP. So set an A record to your local IP and do the DNS challenge instead of the HTTP challenge.